Fondamentaux de la Protection des Données au-delà du RGPD

Ce qu'elle couvre

Ce programme prépare les DPO et les professionnels proches de la conformité à naviguer dans le paysage mondial de la protection des données, en prenant le RGPD comme référentiel de base avant d'explorer les dérogations nationales et les cadres émergents tels que le Data Protection Act britannique, la nLPD suisse et la LGPD brésilienne. Les participants analysent des scénarios concrets de transferts transfrontaliers en s'appuyant sur les CCT, les décisions d'adéquation et les BCR. Le format alterne apports structurés, études de cas et exercices d'analyse des écarts réglementaires. À l'issue de la formation, chaque participant est en mesure d'auditer la posture de conformité de son organisation face à plusieurs cadres réglementaires simultanés.

À l'issue, vous saurez

• Map your organisation's data flows against GDPR, UK DPA, nFADP, and LGPD obligations simultaneously and identify compliance gaps
• Select and implement the correct cross-border transfer mechanism (SCC, adequacy, BCR, or derogation) for a given scenario
• Conduct a structured regulatory gap analysis comparing your existing privacy programme against at least two non-EU frameworks
• Prepare jurisdiction-specific breach notification timelines and escalation procedures for a multi-country incident response plan
• Advise internal stakeholders on national deviations that affect HR data, health data, or marketing activities in specific EU member states

Sujets abordés

• GDPR core obligations, accountability principle and enforcement trends
• National EU member-state deviations and sector-specific exemptions
• UK Data Protection Act 2018 and post-Brexit divergence
• Swiss nFADP: scope, obligations and transition timeline
• Brazil LGPD: key differences, ANPD enforcement and data subject rights
• Cross-border transfer mechanisms: SCCs, adequacy decisions, BCRs, derogations
• Regulatory gap analysis and multi-regime compliance mapping
• Data breach notification obligations across jurisdictions

Modalité

Delivered as a blended programme over two to three days, either in-person or live virtual (Zoom or Teams). Each day combines 60% structured instruction and 40% applied exercises including regulatory mapping workshops, mock regulator Q&A, and case study debriefs. Participants receive a regulatory comparison matrix, a cross-border transfer decision tree, and templates for gap analysis reports. A follow-up 90-minute online clinic is included 4 weeks post-training to address implementation questions.

Ce qui fait que ça marche

• Assign a named internal champion per jurisdiction who attends the training and owns the ongoing compliance monitoring for that regime
• Integrate the regulatory comparison matrix into the organisation's Records of Processing Activities immediately after training
• Schedule a quarterly review cadence to track regulatory updates, especially given the pace of change in UK and Swiss frameworks
• Combine training with a formal gap audit project so that learning is applied to real organisational data and processes within 30 days

Erreurs fréquentes

• Treating GDPR as the universal standard and overlooking stricter or different national requirements such as France's CNIL guidance on cookies or Germany's BDSG employee data rules
• Relying on pre-2023 Standard Contractual Clauses templates without incorporating updated transfer impact assessments post-Schrems II
• Ignoring LGPD and nFADP as 'secondary' concerns until a regulator inquiry or breach event forces urgent catch-up
• Assuming a single privacy policy document can satisfy all jurisdictions without localisation

Fournisseurs à considérer

• IAPP (International Association of Privacy Professionals)iapp.org/train/ →
• DataScientestdatascientest.com →
• Fieldfisher Privacy Academywww.fieldfisher.com/en/services/privacy-security-and-information/privacy-academy →
• OneTrust Academywww.onetrust.com/onetrust-academy/ →

Sources

• European Data Protection Board — Recommendations on transfers after Schrems II →
• IAPP Global Privacy Law and DPA Directory →